Personal information belonging to 81.5 crore Indians has been exposed in one of the largest data breaches in the country’s history. Sensitive data, including Aadhaar and passport details, names, phone numbers, and both temporary and permanent addresses, is now available on the dark web.
Also Read: Storm Ciarán: Flood Warnings in Place as UK Braces for Heavy Rain
The Aadhaar breach was initially disclosed by a hacker operating under the pseudonym ‘pwn0001.’ This US-based hacker claimed to have obtained and personal data of millions of Indians and advertised the availability of 815 million records (81.5 crore) on Breach Forums.
A US-based cybersecurity agency named Resecurity took immediate action and launched an investigation into the breach.
Their HUNTER (HUMINT) unit examined the leaked data. They confirmed the authenticity of this data by cross-referencing it with Aadhaar records on a government website dedicated to verifying the legitimacy of such information.
The dataset offered by ‘pwn0001’ included an array of personal details, such as name, father’s name, phone number, other contact numbers, passport number, Aadhar number, age, gender, address, district, pin code, and state.
This information poses risks for the affected individuals, as it can be exploited for identity theft, financial fraud, and other malicious activities.
In addition to ‘pwn0001’s leak, there were reports of another data breach related to India’s internal law enforcement organization.
This Aadhaar data leak contained even more sensitive information, including Aadhaar IDs, voter IDs, and driving license records.
Furthermore, the discovery of records labeled “PREPAID” has raised concerns that the leak could have originated from a company offering pre-paid SIM cards.
Also Read: Russia: Mob Storms Dagestan Airport in Search of Jews
Such companies typically collect personal information to verify their customers before providing mobile services.
The information was collected during the COVID-19 pandemic, it is unclear which specific agency or entity was responsible for its security. The Indian Council of Medical Research (ICMR) has been mentioned as a possible data source.
There has been no official confirmation from the government regarding the data breach. However, the severity of the situation has prompted action.
The Computer Emergency Response Team of India (CERT-In) has alerted ICMR about the breach, and a verification process is currently underway.
Given the magnitude and sensitivity of the breach, the Central Bureau of Investigation (CBI) is expected to launch an investigation into the matter once ICMR files a complaint.
This data breach underscores the critical importance of robust data security measures, particularly in a digital age where personal information is increasingly digitized.
It also highlights the risks associated with the collection and storage of personal data, as well as the need for stringent regulations and oversight to protect citizens’ privacy.
Also Read: Tampa Mass Shooting: 2 Dead, 16 Injured in Florida
AIIMS faced a cyber-attack that led to the compromise of substantial amounts of data, disrupting hospital operations.
The increasing frequency of such incidents calls for an urgent need to bolster the cybersecurity infrastructure across all sectors.
There has been no official confirmation or response from the Indian government regarding this Aadhaar data breach.
The Indian Computer Emergency Response Team (CERT-In) has been alerted about the breach and is currently conducting a verification process to determine the extent of the breach.
Previous breaches, such as the hacking of AIIMS’ servers and a breach related to the CoWin website, have already shaken confidence in the country’s data protection measures.
The involvement of foreign actors in this breach further underscores the need for a thorough investigation by a premier agency. While the data breach is associated with the ICMR, the precise source of the leak remains unconfirmed.
The COVID-19 pandemic had led to the collection of extensive data, and it is challenging to pinpoint the exact origin of the breach as this data was distributed across various government bodies, including the National Informatics Centre (NIC), ICMR, and the Ministry of Health.
Also Read: Samsung Launches Galaxy Z Flip5 Retro Limited Edition Phone
